Posts Tagged 'Privacy'

Why it's OK to be a server hugger—a cloud server hugger.

(This is the second post in a three-part series. Read the first post here.)

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well, we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

"[With the cloud], someone you don't know manages [your cloud servers], and they can get really unaccountable at times."

Hmm. Sounds like somebody's had a bad experience. (We're sorry to hear that.) But in truth, cloud computing companies are nothing without reputation, integrity, and, well, security upon security upon security measures. Accountability is the name of the game when it comes to you trusting us with your critical information. Research, research, research the company you choose before you hand anything over. If the measures that a potential cloud provider takes don't cut the mustard with you, jump ship immediately—your business is way too important! But you're bound to find one that has all the necessary safeguards in place to provide you with plenty of peace of mind.

Oh, and by the way, have we mentioned that some cloud infrastructure providers put the deployment, management, and control in the hands of their customers? Yup. They just hand the reins right over and give you complete access to easy-to-use management tools, so you can automate your cloud solution to fit your unique needs. So there's that.

"The nickel-and-dime billing that adds up awfully damned quickly. Overall, if you're not careful you can rack upwards of $4k/mo just to host a handful of servers with hot backups and a fair amount of data and traffic on them."

You're right. That's why it's important to plan your cloud architecture before you go jumping in. Moving to the cloud isn't something you do with your eyes closed and with a lack of information. Know your company's business needs and find the best solution that fits those needs—every single one of those needs. Be realistic. Assess intelligently. Know your potential provider's add-on costs (if any) ahead of time so that you can anticipate them. Sure, add-ons can pile up if you're caught off-guard. But we know you're too smart for that to be a problem.

Play around with your possibilities before you sign on that dotted line. If you can't, search for a provider who'll let you play before you pay.

"Many cloud services break many privacy laws. The service provider can see/use the data too. Some of us are even bound by law to maintain the integrity of certain classes of information (personal, medical, financial). Yielding physical control to another organization, no matter what their reputation, removes your ability to perform due diligence. How do I know that what I legally have to keep private really is private?"

Sigh. Okay, we hear this fear; we really do, but it's just not true. Not for any reputable cloud solutions provider that wants to stay in business, anyway. We, grown-ups of cloud computing, take the security of your data very, very seriously. There are hackers. There are malicious attacks. There are legal compliance issues. And for those, we have Intrusion Protection Software, firewalls, SSL certificates, and compliance standards, just to name a few. We can handle what you throw at us, and we respect and honor the boundaries of your data.

So let's talk nitty gritty details. You're probably most familiar with the public cloud, or virtual servers. Yes, infrastructure platforms are shared, but that doesn't mean they're pooled—and it certainly doesn't mean universal accessibility. Your virtual server is effectively siloed from the virtual servers of every other client on that public server, and your data is accessible by you and only you. If you think about it like an apartment complex, it makes a lot of sense. The building itself is multi-tenant, but only you have the key to the contents of your individual unit.

On the other hand, bare metal servers are mansions. You're the only one taking up residence on that dedicated server. That big bad house is yours, and the shiny key belongs to you, and you only. (Check you out, Mr. Big Stuff.) You have complete and utter control of this server, and you can log, monitor, and sic the dogs on any and all activity occurring on it. Bare metal servers do share racks and other network gear with other bare metal servers, but you actually need that equipment to ensure complete isolation for your traffic and access. If we use the real estate analogy again and bare metal servers are mansions, then anything shared between bare metal servers are access roads in gated communities and exist only to make sure the mailman, newspaper delivery boy, and milkman can deliver the essential items you need to function. But no one's coming through that front door without your say so.

We cloud folk love our clients, and we love housing and protecting their data—not sneaking peeks at it and farming it out. Your security means as much to us as it means to you. And those who don't need access don't have it. Plain and simple.

"I don't want [my data] examined, copied, or accidentally Googled."

You don't say? Neither do we.

"What happens to my systems when all of your CxOs decide that they need more yachts so they jack up the pricing?"

They stay put, silly. No one takes systems on the boat while yachting. Besides, we don't do yachts here at SoftLayer—we prefer helicopters.

Stay tuned for the last post in this series, where we discuss your inner control freak, invisible software, and real, live people.

Even with the knowledge that images can live on forever to haunt you, people continue to snap self-portraits in compromising positions (it’s your prerogative). Heck, before smart phones came along, people were using Polaroids to capture the moment. And, if history teaches us anything, people will continue the trend—instead of a smart phone, it’ll be a holodeck (a la Star Trek). Ugh, can you imagine that?

The recent high-profile hack of nude celebrity photos came from private phones. They weren’t posted to Facebook or Instagram. These celebrities didn’t hashtag.

After speculation the hack stemmed from an iCloud® security vulnerability, Apple released a statement saying, “We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.” The cloud platform was secure. The users’ security credentials weren’t.

These were private photos intended for private use, so how did they get out there? How can you protect your data; your images; your privacy?

You’ve heard it once; twice; probably every time you create a new account online (and in this day and age, we all have dozens of user accounts online):

Use a strong password. This SoftLayer Blog is an oldie but a goodie where the author gives the top three ways to make a password: 1) use a random generator like random.org; 2) use numbers in place of letters—for example, “minivan” becomes “m1n1v4n”; 3) write your passwords down in plain sight using “Hippocampy Encryption” (named in honor of the part of the brain that does memory type activities). Or take the XKCD approach to password security.

And for heaven’s sake, don’t use the same password for every account. If you duplicate usernames and passwords across sites, a hacker just needs to access one account, and he or she will be able to get into all of your accounts!

Craft little-known answers to security questions. Don’t post a childhood photo of you and your dog on Facebook with the description, “Max, the best pup ever” and then use Max as a security validation answer for “What’s the name of your favorite pet?” It’s like you’re giving the hackers the biggest hint ever.

If available, use a two-factor authentication security enhancement. The government (FISMA), banks (PCI) and the healthcare industry are huge proponents of two-factor authentication—a security measure that requires two different kinds of evidence to prove that you are who you say you are and that you should have access to what you're trying to access. Read our blog or KnowledgeLayer Article for more details.

Remember passwords are like underwear—don’t share them with friends and change them often. When it comes to passwords, at least once a year should suffice. For underwear, we recommend changing more regularly.

We won’t tell you what to do with your sensitive selfies. But do yourself a favor, and be smart about protecting them.

On Friday, April 27, 2011, I powered on my Sony PlayStation 3 and prepared to sit down for an enjoyable gaming session. As a Sony customer and a PlayStation Network (PSN) user, I expected my system to be able to connect to a service that I was told would be available. Because I had to sign an agreement to join the PSN, I expected my personal information to be secure. On that morning, I logged in and had no idea that my personal security might be at risk due to a lack of tight-knit practices and possible information redundancy.

My many years of brand loyalty held strong as I was told constantly that the PSN was down as a result of a maintenance. I understand that emergencies happen and proper planning by a professional company is in place to shorten the duration of impact. As it turned out, proper planning for this type of event seemed to have been lost on Sony. A malicious security cracker was able to infiltrate their network to gain access to numerous PSN customers' sensitive personal information. This kind of blunder had every PSN customer wondering what could be done to prevent this kind of event from happening again.

You probably noticed that I used the word "cracker" as opposed to the more common "hacker." A hacker is an extremely knowledgeable person when it comes to computers and programming who knows the ins and outs of systems ... which is completely legal. The typical misconception is that all "hackers" are engaged in illegal activity, which is not true. If the hacker decides to use these skills to circumvent security for the purpose of stealing, altering and damaging (which is obviously illegal), then the hacker becomes a cracker. To put it simply: All crackers are hackers, but not all hackers are crackers.

When I started working at SoftLayer three years ago, I was told to pay very close attention to our company's security policy. Each employee is reminded of this policy very regularly. Proper security practice is essential when dealing with private customer data, and with the advancement of technology comes the availability of even more advanced tools for cracking. As a trusted technology partner, it is our obligation to maintain the highest levels of security.

There is not a day at work that I am not reminded of this, and I completely understand why. Even at a personal level, I can imagine the detrimental consequences of having my information stolen, so multiply that by thousands of customers, and it's clear that good security practices are absolutely necessary. SoftLayer recognizes what is at stake when businesses trust us with their information, and that's one of the big reasons I'm to work here. I've gone through the hassle and stress of having to cancel credit cards due to another company's negligence, and as a result, I'm joining my team in making sure none of our customers have to go through the same thing.

There have been recent releases of Google's Chrome (Sept 2), Microsoft's Internet Explorer 8 Beta 2 (Aug 28), and Mozilla's Firefox 3 (June 17), not to mention all the legacy browsers, many of which are still in use. If you are not a web developer, you are probably thinking, "Why should I care what web browser people are using?" Believe me, you should: the majority of SoftLayer’s customers run a business and with that have a website, which must be displayed on, you guessed it, a web browser.

1. Layout/Rendering Engine
This could be one of the biggest differences between the browsers. A layout/rendering engine is what the browser uses to parse the HTML and display your web pages. Although there are numerous specifications for various types of content (HTML, XHTML, images, etc.), each of the engines seems to render it slightly differently based on its interpretation of the specification documents.

But don’t take my word for it; go check the ACID website or the screenshots of the ACID tests in different web browsers.

2. Your Privacy
Most of the front runners in the browser wars are sending your usage and machine specifications back to the mother ship. What they are doing with the information once they get it, who knows. But, with Google being the front runner in search and ads, with the addition of Google Chrome, they pretty much can monitor all web usage for anyone using their product. Please get out the tin foil hats now ☺

3. Usage / Front Runner
Based on most of the statistics I have seen, IE 6, IE 7, Firefox 2, and Firefox 3 are the front runners, with a few stragglers using Safari and Opera. But I bet things will be changing, and Chrome will be coming up in the usage ranks over the next few months, as well as IE 8 once it is released from Beta.

At SoftLayer, we test on all the major front runners in the browser wars for our web presence. I will be grabbing the popcorn and watching the show; things are about to get hectic in this area. Whether it is good or bad, users are getting more options in the browser market.